Visão Geral

Este curso proporciona formação aprofundada sobre as ferramentas de que necessita para instalar, configurar, operar e solucionar eficazmente problemas relacionados com o McAfee Application Control e o McAfee Change Control para salvaguardar a propriedade intelectual e garantir a conformidade.

Objetivo

Após concluir o Curso Open Source/McAfee Application Control and McAfee Change Control Administration, você será capaz de:

• Compreender as capacidades das soluções de Controlo de Aplicações e Controlo de Alterações da McAfee
• Instalar e administrar
• Gerir à distância
• Proteger os pontos finais

Publico Alvo

• Este curso destina-se a administradores de sistemas, pessoal de segurança, auditores, e/ou consultores preocupados com a segurança de sistemas.
  

Pre-Requisitos

• Recomenda-se que os estudantes tenham um conhecimento prático da administração do Microsoft Windows, conceitos de administração de sistemas, uma compreensão básica dos conceitos de segurança informática, e uma compreensão geral de vírus e tecnologias anti-vírus.
  

Informações Gerais

Carga Horária: 32h

• Se noturno este curso é ministrado de Segunda-feira à sexta-feira, das 19h às 23h
• Se aos sábados este curso é ministrado das 9h às 18h
• Se in-company por favor fazer contato para mais detalhes.

Formato de entrega:

• 100% on-line ao vivo, via Microsoft Teams na presença de um instrutor/consultor ativo no mercado.
• Nota: não é curso gravado.

Lab:

• Laboratório + Exercícios práticos  

Materiais

Conteúdo Programatico

Introduction to the McAfee Application Control/Change Control

1. What is MACCC?
2. Solidcore Architecture
3. Multi-layered Security Solution
4. Whitelisting
5. Trust Model
6. Image Deviation
7. Differentiators
8. Visibility and Enforcement for End-to-end Compliance
9. File Integrity Monitoring
10. Change Prevention
11. Install Workflow
12. Navigation to Solidcore Components
13. Solidcore Configuration
14. Updaters or Publishers
15. Solidcore Configuration
16. Installers
17. Solidcore Policies
18. Windows Path Definitions
19. Solidcore Server Tasks
20. Solidcore: Purge Task
21. Migration Server Task
22. Calculate Predominant Observations (Deprecated)
23. Content Change Tracking Report Generation
24. Solidcore: Run Image Deviation
25. Image Deviation (Application Control)
26. Specifying a Golden Image
27. Solidcore: Scan a Software Repository

Planning a McAfee® ePolicy Orchestrator™ Deployment

1. ePO Server Prerequisite Software
2. Supported SQL Server Releases
3. Default Communication Ports
4. Default Ports
5. Determining Ports in Use
6. Deployment Scenario: Basic Plan
7. Solution A: One ePO Server
8. Solution B: Two ePO Servers
9. Solution C: ePO server with Agent Handlers
10. Deployment Scenario: Disk Configuration
11. Solution: Less than 5,000 Nodes
12. Solution: 5,000 to 25,000 Nodes
13. Deployment Scenario: Disk Configuration
14. Solution: 25,000 to 75,000 Nodes
15. Solution: More than 75,000 Nodes
16. How Products and Events Affect Calculations
17. Example: Calculating Averages
18. Calculating Your Environment

Security Connected and McAfee® ePolicy Orchestrator™ Overview

1. Security Evolution
2. Security Connected
3. Breadth and Depth for Security
4. ePO Solution Overview
5. How ePO Works
6. Essential Features
7. ePO Web Interface
8. Menu Page

McAfee® Agent

1. Agent Components
2. Agent-Server Secure Communication Keys
3. Communication after Agent Installation
4. Typical Agent-to-Server Communication
5. McAfee Agent-to-Product Communication
6. Forcing Agent Activity from Server
7. Wake-up Calls and Wake-up Tasks
8. Configuring Agent Wake-up
9. Locating Agent Node Using DNS
10. Forcing McAfee Agent Activity from Client
11. Viewing McAfee Agent Log
12. ePO 4.x/McAfee Agent 4.x Feature Dependencies
13. Agent Files and Directories
14. McAfee Agent Log Files
15. Using Log Files
16. Installation Folders

Application Control/Change Control Extension Installation

1. Extensions in ePO
2. Extensions Menu
3. Integration of AC/CC Extension
4. ePO Database Sizing
5. Installation of Extension
6. Solidcore Licensing
7. What is Solidcore?
8. Install Workflow Review
9. Installing Licenses
10. Solidcore Database Tables

Solidcore Client

1. The agent plug-in and how it works
2. Types of Platforms Protected
3. Supported Systems
4. Check-in Agent Plug-in Package into ePO
5. Deploying the Solidcore Agent Plugin
6. Verifying Installation from the Endpoint
7. Solidcore Client Tasks
8. Enable Solidcore Agent Task
9. Disable Solidcore Agent Task
10. Initial Scan to Create Whitelist
11. Pull Inventory
12. Begin Update Mode
13. End Update Mode
14. Change Local CLI Access
15. Collect Debug Info
16. Run Commands
17. Get Diagnostics for Programs
18. Features for the Client
19. Client Notifications and Events
20. Client Events and Approvals
21. Customizing Client Notifications

Application Control Initial Configuration

1. What are Observations?
2. Observe Mode
3. Manage requests
4. Review requests
5. Process requests
6. Allow by a checksum on all endpoints
7. Allow by publisher on all endpoints
8. The ban by a checksum on all endpoints
9. Define custom rules for specific endpoints
10. Allow by adding to whitelist for specific endpoints
11. Define bypass rules for all endpoints
12. Delete requests
13. Review created rules
14. Throttle observations
15. Define the threshold value
16. Review filter rules
17. Manage accumulated requests
18. Exit Observe mode
19. Inventory Introduction
20. Fetch Inventory
21. GTI Integration
22. Trust level and score
23. Cloud Trust Score
24. Inventory Without Access to GTI
25. Fetch McAfee GTI ratings for isolated networks
26. Export SHA1s of all binaries
27. Run the Offline GTI tool
28. Fetch Inventory – Bad File Found Event
29. Manage the inventory
30. Manage Binaries
31. Application Control Policies
32. Role of the Policy
33. Application Control Configuration
34. Managing Rule Groups
35. Creating an Application Control Rule Group
36. Updater Tab
37. Trusted Users
38. Using a Rule Group to Block an Application

Application Control Feature Administration

1. What is Update Mode?
2. How to Update a Solidified System
3. Auto-Updaters
4. Authorized Updaters
5. Determining Updaters
6. Understanding Publishers
7. Understanding Installers
8. Scan a Software Repository
9. Revisit – Solidcore Permission Sets
10. Reboot Free Activation
11. Inventory Management Enhancements
12. Inventory Management – Pull Inventory
13. Inventory By Application
14. Inventory By Systems
15. Inventory Application Drill-down
16. Inventory Binary Drill-down
17. Modifying Enterprise Trust Level

Event and Alerts

1. Understanding Events
2. What Creates an Event
3. When Are Events Sent Back?
4. Viewing Events
5. Advanced Filters
6. Selecting Columns to Display
7. Viewing the Details of an Event
8. Solidcore Events
9. Example of Solidcore Events
10. Application Control Events
11. Planning Automatic Responses
12. Throttling, Aggregation, and Grouping
13. Understanding Alerts
14. Configuring a Solidcore Alert
15. Viewing an Alert
16. Support of SNMP Alerts
17. Customizing End-User Notifications
18. Syslog Enhancements

Change Control Initial Configuration

1. Application Control & Change Control
2. Change Control & Integrity Monitoring
3. Disable Solidcore
4. Enable Solidcore on the Endpoint
5. Verifying Client Task Completion
6. Integrity Monitoring Policies
7. Using Integrity Monitor
8. Creating an Integrity Monitor policy
9. Integrity Monitoring Policies
10. Testing your Monitoring
11. Reducing “Noise”
12. Example of Reducing “Noise”

Using the Policy Catalog and Managing Policies

1. Change Control Policies
2. Variables for Use in Policies
3. Example of Variables in a Rule Group
4. Write Protect a File, Trusted Program can Alter
5. Write Protect a Registry Key, Program can Alter
6. Write Protect a File, Trusted User can Alter
7. Verifying only Trusted User can Alter
8. Read Protection must be Enabled
9. Read Protect a File, Trusted Program can Access
10. Emergency Changes
11. Content Change Tracking
12. One-Click Exclusion (Advanced Exclusion Filtering)
13. One-Click Exclusion Configuration

Dashboards and Reporting

1. ePO Dashboards
2. Queries As Dashboard Monitors
3. Dashboard Access
4. Dashboard Configuration
5. Solidcore Dashboards
6. Application Control Dashboard
7. Change Control Dashboard
8. Integrity Monitor Dashboard
9. Inventory Dashboard
10. Solidcore Queries
11. Reporting > Solidcore
12. Application Control > Inventory
13. Application Control > Image Deviation
14. Automation > Solidcore Client Task Log
15. Creating a Customized Dashboard
16. Making a Dashboard Public
17. Set the Default Dashboard

Troubleshooting

1. Solidcore Architecture and Components
2. Solidcore 6.1.3 Architecture
3. Troubleshooting References
4. Location of Solidcore Files on Endpoint
5. ePolicy Orchestrator Application Server Service Logs
6. Solidcore Registry Keys on Endpoint
7. Solidcore Services
8. Troubleshooting Best Practice
9. Escalation Best Practices
10. Troubleshooting GTI Cloud Issues Best Practice
11. Top Issues – Task Failure
12. Top Issues – Denied Execution Issues
13. Top Issues – Denied Execution of a Network Share
14. Top Issues – Network Share
15. Top Issues – KB
16. Useful Tools
17. Solidcore Event Logs
18. Solidcore User Notifications
19. Solidcore Troubleshooting Tools
20. Escalation Tools
21. Minimum Escalation Requirements (MER)
22. Running MER Tool on Client
23. Dump Tools

Case Studies

1. A Case from History
2. Unpatched, Known Vulnerabilities in the Client
3. Browser-based Exploits
4. The Remedy
5. Application Whitelisting
6. Increasing Compliance Requirements
7. Remedy
8. File Monitoring
9. Complete the Task

CLI Administration

1. Solidcore CLI
2. Viewing the CLI Access
3. Enabling the CLI
4. Unlocking the CLI Locally
5. Securing the CLI
6. Using the CLI
7. SADMIN Commands
8. Solidifying from the CLI
9. Unsolidifying
10. What is Solidcore’s Status?
11. Beginning the Update Status
12. Ending the Update Status
13. Enabling and Disabling Solidifier
14. SADMIN Commands
15. Advanced SADMIN Commands
16. Solidcore Commands
17. New CLI Commands
18. Application Control Rules & Helpful Commands
19. Read/Write Protect Files
20. Change Control Commands – Write Protection
21. How To Write Protect a File
22. Modifying a Read/Write Protected Files
23. Change Control Features – Write Protection
24. Application Control
25. Authorize Command Arguments
26. Discovering and Adding Updaters
27. SADMIN Diag Notations
28. Discovering and Adding Updaters
29. Using Attributes to Control File Execution
30. Using Attributes to Control File Execution
31. Viewing Solidcore Events
32. Event Sinks
33. Logging Events
34. Event Names and Log Entries
35. Product Tools

Best Practices

1. Review of Initial Setup Tasks
2. Systems Tree Infrastructure
3. Communication between ePO and Agent
4. Activation Options: Application Control Only
5. Inventory Collection Scan
6. Protection State Selection
7. Protection State Delivery
8. Testing Protection mechanisms
9. Policies and Rule Groups
10. Policy Tuning
11. Bypass Rules and Exclusions
12. Inventory and Whitelist
13. Updaters
14. Application Control Memory Protection
15. Basic Troubleshooting and FAQs
16. Solving Memory Discrepancies
17. Helpful Resources